mta in - mta out

Discuss your pilot or production implementation with other Zimbra admins or our engineers.
simred
Posts: 22
Joined: Wed Jun 28, 2017 9:40 am

mta in - mta out

Postby simred » Fri Jul 06, 2018 4:51 pm

Hi,
we succesfully use ZCS OSS 8.7.11. Our deployment is made by a frontend load balancer (haproxy) that load balance requests to the backend zimbra mta servers. We planned to use port 25 to receive mail from external MTA; this traffic is load balanced to internal MTA IN zimbra servers. Port 465 is load balanced to internal MTA OUT zimbra servers and they are used to send mail to external domains (SMTPS).
The problem is that some ZCS users configured port 25 as SMTP, so they send email using MTA IN.
The question is: is it possible to configure the MTA (IN) to accept connections only from external MTA (receive mail only function) and not from MUA (even if they are regular users)? We would like to force the ZCS users to use only port 465 (SMTPS) for sending email...and not port 25.
I hope I was clear.

P.S. we forced login on both mta in and mta out because we do not want a mail relay.

Tnx & br.


User avatar
L. Mark Stone
Elite member
Elite member
Posts: 1771
Joined: Wed Oct 09, 2013 11:35 am
Location: Portland, Maine
ZCS/ZD Version: 8.8.8 Patch 4 Network Edition
Contact:

Re: mta in - mta out

Postby L. Mark Stone » Sat Jul 07, 2018 1:16 am

If the users with an MUA try to send email via port 25 to any domain not already in Zimbra, the delivery will fail and the users will get a bounce. Zimbra's Postfix is not configured to do any authentication Port 25.

So I would think the users who have misconfigured their SMTP (Outbound) server settings in their MUA will learn of their mistake in due course, yes?

BTW, Port 465 is deprecated in favor of port 587 and an increasing number of MUAs are defaulting to 587 for sending (authenticated) outbound email. Zimbra's Postfix listens on both 465 and 587 for authenticated sending.

Hope that helps,
Mark
_____________________________________
L. Mark Stone
Mission Critical Email - Zimbra VAR/BSP and Consulting https://www.missioncriticalemail.com/
Zeta Alliance http://www.zetalliance.org/

Return to “Administrators”

Who is online

Users browsing this forum: No registered users and 24 guests